external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

Fixed access control checking.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2021-01-25 00:22:01 -08:00
parent 8291c82839
commit bb3cba35c3
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
webserver.js
View file

@ -6010,13 +6010,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (i.startsWith('mesh/')) { if (i.startsWith('mesh/')) {
// Grant access to a device group thru a direct link // Grant access to a device group thru a direct link
const m = obj.meshes[i]; const m = obj.meshes[i];
if ((m) && (m.deleted == null) && ((rights == null) || ((m.rights & rights) != 0))) { if ((m) && (m.deleted == null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) {
if (r.indexOf(m) == -1) { r.push(m); } if (r.indexOf(m) == -1) { r.push(m); }
} }
} else if (i.startsWith('ugrp/')) { } else if (i.startsWith('ugrp/')) {
// Grant access to a device group thru a user group // Grant access to a device group thru a user group
const g = obj.userGroups[i]; const g = obj.userGroups[i];
if (g && (g.links != null) && ((rights == null) || ((g.rights & rights) != 0))) { if (g && (g.links != null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) {
for (var j in g.links) { for (var j in g.links) {
if (j.startsWith('mesh/')) { if (j.startsWith('mesh/')) {
const m = obj.meshes[j]; const m = obj.meshes[j];
@ -6047,13 +6047,13 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
if (i.startsWith('mesh/')) { if (i.startsWith('mesh/')) {
// Grant access to a device group thru a direct link // Grant access to a device group thru a direct link
const m = obj.meshes[i]; const m = obj.meshes[i];
if ((m) && (m.deleted == null) && ((rights == null) || ((m.rights & rights) != 0))) { if ((m) && (m.deleted == null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) {
if (r.indexOf(m._id) == -1) { r.push(m._id); } if (r.indexOf(m._id) == -1) { r.push(m._id); }
} }
} else if (i.startsWith('ugrp/')) { } else if (i.startsWith('ugrp/')) {
// Grant access to a device group thru a user group // Grant access to a device group thru a user group
const g = obj.userGroups[i]; const g = obj.userGroups[i];
if (g && (g.links != null) && ((rights == null) || ((g.rights & rights) != 0))) { if (g && (g.links != null) && ((rights == null) || ((user.links[i].rights & rights) != 0))) {
for (var j in g.links) { for (var j in g.links) {
if (j.startsWith('mesh/')) { if (j.startsWith('mesh/')) {
const m = obj.meshes[j]; const m = obj.meshes[j];